1.1 It has been observed that quite often the internal inspection machinery in banks has failed to highlight and pinpoint the existence of gross and serious irregularities such as improper credit appraisal, disbursement without observing the terms of sanction, failure to exercise proper post-disbursement supervision, even suppression of information relating to unauthorised excess drawals allowed, kite flying in bills and cheques, etc. or bring to light frauds.

The internal inspection reports rarely make any adverse comments on the failure of officials of Controlling/Head Offices. The failure of the internal inspection machinery is mainly attributable to the incompetence of the internal inspection personnel the casual manner in which the work is carried out and lack of follow up of the inspection. Personnel who cannot otherwise be deployed in other sensitive/critical areas more often staff the inspection/audit department.

2. GHOSH COMMITTEE RECOMMENDATIONS ON INTERNAL INSPECTION AND AUDIT

The Reserve Bank of India had constituted a High Level Committee, under the chairmanship of Shri A. Ghosh, the then Deputy Governor of RBI, to enquire into the various aspects relating to frauds and malpractices in banks. The Committee made a number of recommendations and suggested precautions to be taken to avoid incidence of frauds and malpractices in the banks. Reserve Bank of India had examined these recommendations and some of the recommendations relevant to the primary (urban) co-operative banks recommended for adoption by them are indicated below:

2.1 Internal Audit Machinery

Banks should introduce a sound system of internal audit. With a view to strengthening the credibility of the inspection system in detecting cases of frauds/malpractices, steps need to be taken to gear up the inspection/audit machinery and to improve the quality of officers of the inspection department. The head of the inspection department at the Head Office should be a sufficiently senior person and should report directly to the Chairman. If the bank has Regional Offices, there should be an audit machinery under an official of sufficient seniority as the Regional Office Chief to conduct the periodic audit of branches under its jurisdiction. The officers posted to this department should have sufficient experience and exposure and the department should be headed by an official of sufficient seniority and proven integrity. In order to attract competent staff to the department, minimum, continuous experience of three years in Inspection Department should be made as a prerequisite for promotion to senior level.

2.2 Periodicity of Internal Audit

The periodicity of the internal audit of the branches should be at least once in every 12 months, which should be really of surprise character.

2.3 Coverage of Internal Audit

2.3.1 The coverage of such inspections should also be made more comprehensive, inter alia, to include a thorough examination of the internal control system obtaining at the branches including the various periodical control returns submitted to the controlling offices. The internal inspection report should specifically comment, on the position of irregularities pointed out in the inspection report of Reserve Bank of India. The inspection/audit officials should also critically analyse and make in-depth study of the corruption/fraud prone areas such as appraisal of credit proposals, balancing of books, reconciliation of inter-branch accounts, settlement of clearing transactions, suspense accounts, premises and stationery accounts during the course of inspections leaving no scope for any malpractices/irregularities remaining undetected.

2.3.2 The internal inspector should scrutinise the suspense account during inspection / visit and give specific instructions for early reversal of entries.

2.3.3 The banks should ensure that the system evolved for recording the details of off-balance sheet transactions are properly followed by all branches. These records should be periodically balanced and internal inspectors should verify the same and offer critical comments.

2.3.4 Proper inventory of dead stock articles, stationery should be maintained and subjected to surprise check at periodical intervals by the officials of the branch as also internal inspectors.

2.3.5 Compliance with Prudential Norms

Internal auditors should bring out non-compliance with the prudential norms relating to income recognition, asset classification and provisioning for taking suitable action in the matter.

2.3.6 Cheque Purchase Transactions

The internal inspectors should verify all the cheque purchased/discounted beyond the sanctioned limit. They should be asked to conduct a sample checking of transactions.

2.4 Supplementary Inspections/Audit

The annual internal inspection may be supplemented by surprise short inspections,revenue audit, credit portfolio audit etc. in larged sized banks. Surprise short inspection may be carried out by officials at appropriate higher levels to ensure that branch officials are not indulging in malafide practices.

2.5 Revenue Audit

The reasons of leakage of income unearthed during such audit should be examined in-depth and action taken against the officials responsible for the lapses.

2.6 Credit Portfolio Audit

2.6.1 A system of exclusive scrutiny of credit portfolio with focus on larger advances and group exposures at regular intervals may be introduced in large sized UCBs. A special scrutiny of high value accounts shifted to the bank along with executives/officials including General Managers/ Chief Executive Officer/ Managing Directors transferred from other banks should be done. Similarly the accounts transferred from other branches along with the officials should be subjected to thorough scrutiny during the internal inspection. The summary of the important findings may be submitted to the Committee of the Board.

3. OTHER AREAS OF IMPORTANCE

3.1 Investment Portfolio Audit

Primary (urban) co-operative banks are required to include the following measures in respect of investment portfolio audit:

3.1.1 The reconciliation of the balances of SGL transfer forms as per bank’s books should be periodically checked by the internal audit department.

3.1.2 In view of the possibility of abuse, purchase and sale of government securities etc. should be separately subjected to audit by internal auditors (and in the absence of internal auditors by Chartered Accountants out of the panel maintained by the Registrar of Co-operative Societies) and the results of their audit should be placed before the Board of Directors once every quarter.

3.1.3 The audit should scrutinise that:

Adherence to the aggregate upper contract limit for each of the approved brokers is within a limit of 5% of total transactions (both purchase and sales) entered into by the bank during a year.

that disproportionate part of the business is not transacted through only one or a few brokers and that aggregate contract limits for each of the approved brokers are not exceeded. The limit should cover both the business initiated by the bank and the business offered/brought to the bank by broker. The business put through any individual broker or brokers in excess of the limit of 5% of total transactions entered into by the bank during the year with the reasons therefor, should be covered in the half-yearly review to the Board of Directors ; and

The deals have been undertaken in the best interest of the bank.

4 CONCURRENT AUDIT SYSTEM

4.1 Ghosh Committee had recommended introduction of concurrent audit at large and exceptionally large branches of banks to serve as administrative support to branches, help in adherence to prescribed systems and procedures and prevention and timely detection of lapses/irregularities. Concurrent Audit which was introduced in all scheduled and other primary (urban) co-operative banks with deposits over Rs.50 crore was extended to all UCBs based on the recommendations of the Joint Parliamentary Committee (JPC), which enquired into stock market scam and matters relating thereto.

4.2 The concurrent audit system is to be regarded as part of a bank's early-warning system to ensure timely detection of irregularities and lapses, which helps in preventing fraudulent transactions at branches. It is, therefore, necessary for the bank's management to bestow serious attention to the implementation of various aspects of the system such as selection of branches, coverage of business operations, appointment of auditors, appropriate reporting procedures, follow-up/rectification processes and utilisation of the feed-back from the system for appropriate and quick management decisions.

4.3 The Board should once in a year review the effectiveness of the system and take necessary measures to correct the lacunae in the system,

4.4 It is basically for the individual banks' managements to decide the details of the concurrent audit system. However, a note indicating the broad features of concurrent audit system is given in Annex 1 for the guidance of the banks. The note broadly defines the concept and scope of concurrent audit, such as converge of business/branches, types of activities to be covered during the audit reporting system. The note also details the broad suggestions in respect of various aspects of concurrent audit.

4.5 It is expected that the suggestions in the note would ensure some uniformity in the systems to be introduced by different banks. While framing a concurrent audit system, the banks may clearly spell out the linkages between different forms of internal inspections and audits already in existence and the proposed concurrent audit.

4.6 The concurrent auditors shall certify that the investments held by the bank as on the last reporting Friday of each quarter as reported to the Reserve Bank of India are actually owned / held by it as evidenced by physical securities or the custodians statement. The certificate should be submitted to the Regional Office of the Reserve Bank of India, having jurisdiction over the bank, within thirty days from the end of the relative quarter.

4.8 Serious irregularities brought out in the concurrent audit report should be immediately reported to the Regional Office concerned of this department.

4.9 Chartered Accountants / audit firms associated with the bank for internal / concurrent audit assignments should not undertake statutory audit assignment during the same period. The firms associated with internal / concurrent audit should relinquish the internal / concurrent audit before accepting the statutory audit assignment during the year.

5 AUDIT FOR ELECTRONIC DATA PROCESSING SYSTEM:

5.1 Primary (urban) co-operative banks which have partially / fully computerised their operations should introduce EDP audit system on perpetual basis. The EDP audit cell should be constituted as part of their Inspection and Audit Department in banks having an independent Inspection and Audit Department and other primary (urban) co-operative banks, which do not have an independent Inspection & Audit Department, should create a dedicated group of persons, who can perform functions of an EDP Auditor. Entire domain of EDP activities (from policy to implementation) should be brought under scrutiny of Inspection and Audit Department. The overall control and supervision of these EDP Audit Cells should be vested in the Audit Committees. Financial outlay as well as activities to be performed by EDP department should be reviewed by senior management at periodical intervals.

Primary (Urban) Co-operative Banks may comply with following guidelines while carrying out EDP Audit.

5.2 A team of competent and motivated EDP personnel may be developed in order to take care of a possible exodus of key personnel. EDP auditors' technical knowledge should be augmented on a continuing basis through deputation to seminars/conferences, supply of technical periodicals and books etc.

5.3 Duties of system programmer/designer should not be assigned to persons operating the system. System person would only make modifications /improvements to programs and the operating persons would only use such programs without having the right to make any modifications. In order to bring about uniformity of software used by various branches/offices there should be a formal method of incorporating change in standard software and it should be approved by senior management. Inspection and Audit Department should verify such changes from the view-point of control and for its implementation in other branches in order to maintain uniformity.

5.4 Major factors which lead to security violations in computers include inadequate or incomplete system design, programming errors, weak or inadequate logical access controls, absent or poorly designed procedural controls, ineffective employee supervision and management controls. These may be plugged by:

strengthening physical, logical and procedural access to system;

introducing standards for quality assurance and periodically testing and checking them; and

screening employees prior to induction into EDP application areas and keeping a watch on their behavioral pattern.

putting in place appropriate control measures to protect the computer system from attacks of unscrupulous elements.

5.5 Replacement of manual procedures by computer applications should be done after a parallel run of the system and ensuring that all aspects of security, reliability and accessibility of data.

5.6 In order to ensure that the EDP applications have resulted in a consistent and reliable system for inputting of data, processing and generation of output, various tests to identify erroneous processing, to assess the quality of data, to identify inconsistent data and to compare data with physical forms should be introduced.

5.7 The bank should make a formal declaration of system development methodology, programming and documentation standards to be followed, compliance should be verified by EDP Auditors.

5.8 Contingency plans/procedures in case of failure of system should be introduced/ tested at periodic intervals. EDP auditor should put such contingency plan under test during the audit for evaluating the effectiveness of such plans.

5.9 While engaging outside computer agencies, banks should ensure to incorporate the "clause of visitorial rights" in the contract, so as to have the right to inspect the process of application and also ensure the security of the data/inputs given to such outside agencies.

6. INFORMATION SYSTEM (IS) AUDIT

UCBs have adopted technology and have been offering electronic banking, tele banking, electronic clearing/funds transfer, electronic money, smart cards etc to its customers. In view of the above and having regard to risks emanating from adoption of technology, there is a need to introduce IS Audit in UCBs. It is, therefore, advised that

(i) UCBs may adopt an IS audit policy, if not already done, appropriate to its level of operations, complexity of business and level of computerization and review the same at regular intervals in tune with guidelines issued by RBI from time to time.

(ii) UCBs may also adopt appropriate systems and practices for conducting IS audit on annual basis covering all the critically important branches (in terms of nature and volume of business).

(iii) Such audits should be undertaken preferably prior to the statutory audit so that IS audit reports are available to the statutory auditors well in time for examination and for incorporating comments, if any, in the audit reports.

(iv) IS audit reports should be placed before the board and compliance should be ensured within the time frame as outlined in the audit policy.

(v) The above instructions may be implemented during the current accounting year beginning from April 1, 2014 to March 31, 2015.

7. AUDIT COMMITTEE OF BOARD (APEX AUDIT COMMITTEE)

7.1 The Reserve Bank of India has, from time to time, emphasised the need on the part of the directors of the primary (urban) co-operative banks to ensure timely review and action on the findings of statutory inspection/audit reports and submission of the compliance reports thereto. Yet, in most of the banks, there is no proper system to examine and follow-up the observations and suggestions made in the inspection reports of Reserve Bank of India, statutory auditors and those submitted by the internal inspection department, vigilance cell and internal auditors. Timely follow-up action on the findings of inspection reports and guidelines, circulars etc. issued by RBI as also the internal audit/inspection, etc. is considered desirable to tone up the overall functioning and operational efficiency of the banks.

7.2 In order to ensure and enhance the effectiveness of internal audit/inspection as a management tool, it is considered necessary that an Apex Audit Committee should be set up at the Board level for overseeing and providing direction to the internal audit/inspection machinery and other executives of primary (urban) co-operative banks. The Audit Committee of the Board of Directors (ACB) may consist of the Chairman and three/four Directors, one or more of such Directors being Chartered Accountants or persons having experience in management, finance, accountancy and audit system, etc. This also implies that the banks need to constitute, wherever necessary, their Boards with an adequate number of such professionals.

7.3 The Audit Committee of the Board should review the implementation of the guidelines issued by RBI and submit a note thereon, to the Board at quarterly intervals.

7.4 The other duties/ responsibilities of the Audit Committee of Board (ACB) are as follows:

7.4.1 ACB should provide direction and oversee the operations of the total audit function in the bank. The total audit function will imply the organization, operationalisation and quality control of internal audit and inspection within the bank and follow-up on the statutory audit of the bank and inspection of the Reserve Bank.

7.4.2 As regards internal audit, ACB should review the internal inspection/audit function in the bank - the system, its quality and effectiveness in terms of follow up. It should review the follow up action on the internal inspection reports, particularly of "unsatisfactory" branches and branches classified by the bank as extra large branches. It should also specially focus on the follow up on:

Inter-branch adjustment accounts.

Unreconciled long outstanding entries in inter-branch accounts and inter-bank accounts.

1.1 A High level Committee set up by the Reserve Bank of India at the instance of Government of India under the chairmanship of Shri A. Ghosh, the then Deputy Governor, to enquire into various aspects of frauds and malpractices in banks, had recommended in its report, submitted in June 1992 that a system of Concurrent Audit should be introduced at large and exceptionally large branches to serve as administrative support to branches, help in adherence to prescribed systems and procedures and timely detection of lapses/irregularities. An informal group set up by the Reserve Bank of India comprising senior officers of some large commercial banks and the representatives from the Institute of Chartered Accountants of India examined the various aspects connected with the system. The views that emerged in the Group's discussions are detailed below which could be considered for adoption by primary (urban) co-operative banks.

2. SCOPE OF CONCURRENT AUDIT

2.1 Concurrent audit is an examination, which is contemporaneous with the occurrence of transactions or is carried out as near thereto as possible. It attempts to shorten the interval between a transaction and its examination by an independent person not involved in its documentation. There is an emphasis in favour of substantive checking in key areas rather than test checking.

2.2 A concurrent auditor may not sit in judgement of the decision taken by bank/branch Manager or an authorised official. However, the auditor will necessarily have to see whether the transactions or decisions are within the policy parameters laid down by the Head Office/Board of Directors, they do not violate the instructions or policy prescriptions of the Reserve Bank of India and that they are within the delegated authority and in compliance with the terms and conditions for exercise of delegated authority.

3 COVERAGE OF BUSINESS/BRANCHES

3.1 The suggested coverage may be as under:

3.1.1 The Departments/Divisions at the Head Office dealing with treasury functions viz. investments, funds management including inter-bank borrowings, bill rediscount, in stock invest scheme, credit card system and foreign exchange business are to be subjected to concurrent audit. In addition, all branch offices undertaking such business, as also large branches and dealing rooms have to be subjected to continuous audit.

3.1.2 The problem branches, which are continuously getting poor or very poor rating in the bank’s annual inspection/audit and where the house keeping is extremely poor may be covered.

3.1.3 Banks may also include additional branches at their discretion on the basis of need; that is their professional judgement about the overall functioning of the branches.

4 TYPES OF ACTIVITIES TO BE COVERED

4.1 The main role of the concurrent audit is to supplement the efforts of the bank in carrying out simultaneous internal check of the transactions and other verifications and compliance with the procedures laid down. In particular, it
should be seen that the transactions are properly recorded/documented and vouched. The concurrent auditors may broadly cover the following items:

4.1.1 Cash

4.1.1.1 Daily cash transactions with particular reference to any abnormal receipts and payments.

4.1.2.1 Ensure that in respect of purchase and sale of securities, the branch has acted within its delegated power having regard to its Head Office instructions.

4.1.2.2 Ensure that the securities held in the books of the branch are physically held by it.

4.1.2.3 Ensure that the branch is complying with the RBI/Head Office/Board guidelines regarding BRs, SGL forms, delivery of scrips, documentation and accounting

4.1.2.4 Ensure that the sale or purchase transactions are done at rates beneficial to the bank.

4.1.3 Deposits

4.1.3.1 Check the transactions about deposits received and repaid.

4.1.3.2 Percentage check of interest paid on deposits may be made, including calculation of interest on large deposits

4.1.3.3 Check new accounts opened. Operations in new Current/SB accounts may be verified in the initial period itself to see whether there are any unusual operations. Also examine whether the formalities connected with the opening of new accounts have been followed as per RBI instructions.

4.1.4 Advances

4.1.4.1 Ensure that loans and advances have been sanctioned properly (i.e. after due scrutiny and at the appropriate level).

4.1.4.2 Verify whether the sanctions are in accordance with delegated authority.

4.1.4.3 Ensure that securities and documents have been received and properly charged/registered.

4.1.4.4 Ensure that post disbursement, supervision and follow-up is proper, such as receipt of stock statement, instalments, renewal of limits, etc.

4.1.4.5 Verify whether there is any misutilisation of the loans and advances and whether there are instances indicative of diversion of funds.

4.1.4.6 Check whether the letters of credit issued by the branch are within the delegated power and ensure that they are for genuine trade transactions.

4.1.4.7 Check the bank guarantees issued, whether they have been properly worded and recorded in the register of the bank. Whether they have been promptly renewed on the due dates.

4.1.4.8 Ensure proper follow-up of overdue bills of exchange.

4.1.4.9 Verify whether the classification of advances has been done as per RBI guidelines.

4.1.4.10 Verify whether the submission of claims to ECGC is in time.

4.1.4.11 Verify that instances of exceeding delegated powers have been promptly reported to Controlling/Head Office/Board by the branch and have been got confirmed or ratified at the required level

4.1.4.12 Verify the frequency and genuineness of such exercise of authority beyond the delegated powers by the concerned officials.

4.1.5 Foreign Exchange transactions

4.1.5.1 Check foreign bills negotiated under letters of credit.

4.1.5.2 Check FCNR and other non-resident accounts, whether the debits and credits are permissible under the rules.

4.1.6.3 Carryout a percentage check of calculations of interest, discount, commission and exchange.

4.1.6.4 Check whether debits in income account have been permitted by the competent authorities.

4.1.6.5 Check the transactions of staff accounts.

4.1.6.6 In case of difference in clearing, there is a tendency to book it in an intermediary suspense account instead of locating the difference. Examine the day book to verify as to how the differences in clearing have been adjusted. Such instances should be reported to Head Office/Board of Directors in case the difference persists.

4.1.6.7 Detection and prevention of revenue leakages through close examination of income and expenditure accounts/transactions.

4.1.6.8 Check cheques returned/bills returned register and look into reasons for return of those instruments.

4.1.7.1 Ensure that the branch gives proper compliance to the internal inspection/audit reports.

4.1.7.2 Ensure that customer complaints are dealt with promptly

4.1.7.3 Verification of statements, HO returns, statutory returns.

4.2 The aforesaid list is illustrative and not exhaustive. The banks may, therefore, add other items to the list, which in their opinion are useful for the purpose of proper control of the branch operations. In the context of volume of transactions in the large branches it may not be always possible for the concurrent auditors to do a cent percent check. They may, therefore, consider adopting the following norms:

4.2.1 In certain areas, such as off balance sheet items (LCs and BGs), investment portfolio, foreign exchange transactions, fraud prone/sensitive areas, advances having outstanding balances of more than Rs. 5 lakhs, if any unusual feature is observed, the concurrent auditors may conduct cent percent check.

4.2.2 In the case of areas such as income and expenditure items, inter-bank and inter-branch accounting, interest paid and interest received, clearing transactions, and deposit accounts, the check can be restricted to 10 to 25 per cent of the number of transactions.

4.2.3 Where any branch has poor performance in certain areas or requires close monitoring in housekeeping, loans and advances or investments, the concurrent auditors may carry out intensive checking of such areas.

4.2.4 Concurrent auditors may concentrate on high value transactions having financial implication for the bank rather than those involving lesser amount, although number-wise they may be large.

4.2.5 If any adverse remark is required to be given, the concurrent auditors should give reasons therefore.

5.1 The option to consider whether the concurrent audit should be done by the external auditors (professionally qualified Chartered Accountants) or its own staff may be left to the individual banks. In case bank decides to appoint external auditors for the purpose, the terms of their appointment and remuneration to be paid may be fixed by the banks within the broad guidelines approved by the Board and/or by the Registrar of Co-operative Societies of the State concerned.

5.2 The audit firms will be responsible for any omissions or commissions in respect of transactions seen by them. In case any serious act of omission or commission is noticed in the working of the concurrent auditors (external), the bank may consider terminating their appointment and a report may be made to the Institute of Chartered Accountants of India for such action as they deem fit under intimation to RBI/RCS.

5.3 In case the bank prefers to entrust the audit to its own officers, the bank has to ensure that these officers are well experienced and of sufficient seniority in order to exercise necessary independence and objectivity while conducting concurrent audit. It would be desirable and necessary to rotate the auditors, whether internal or external, periodically. Progressively, it may be considered whether reliance on external auditors may be reduced as soon as requisite skills for audit work are developed by the proper selection and training of officers from within.

6. REPORTING SYSTEM

6.1 The concurrent auditors may report the minor irregularities, wrong calculations etc. to the Branch Manager for an on-the-spot rectification and reporting compliance.

6.2 If these irregularities are not rectified within a reasonable period of time say a week, these may be reported to the head office. If the auditors observe any serious irregularities, these should be straight away reported to Head Office immediately. The auditor will have to lay emphasis on the propriety aspect of the audit. Banks may institute an appropriate system of follow-up of the reports of the concurrent auditors. There must be a system of annual review of the working of concurrent audit.

7. CONCLUSION

While instituting the concurrent audit system, the attempt should be to integrate the same with other systems of internal audit/inspections, which are already in existence. One of the drawbacks hitherto has been non-integration of the different systems of internal audit and inspections and lack of response to audit objections/qualifications. It is necessary that the entire system of audit, inspection and their follow-up is properly documented and the performance of the integrated audit system is reviewed from time to time.